Amendments to the Claims

This listing of claims will replace all prior versions, and listings, of claims in the
application: 

Listing of the Claims:

1. (Original) A computer-implemented method of implementing security for SOAP 
messages which can be exchanged between client and server programs, the method 
comprising: 

receiving a SOAP message; 

determining whether at least one security rule is associated with the SOAP 
message, the at least one security rule being associated with a security policy for SOAP 
messages which can be exchanged between at least one client program and at least 
one server program; and 

performing at least one operation based on the at least one security rule when 
the determining determines that at least one security rule is associated with the SOAP 
message. 

2. (Original) A method as recited in claim 1, wherein the at least one security rule
describes a mapping between one or more keys respectively used by the at least one 
client program and the at least one server program. 

3. (Original) A method as recited in claim 1, wherein the performing of at least one 
operation maps one or more security identifiers which are recognized by the at least 
one client program to one or more security identifiers which are recognized by the 
server program. 

4. (Currently Amended) A method as recited in claim [[1]] 3, wherein the security
identifiers can include one or more encryption keys, one or more decryption keys, one
or more signing keys, and one or more keys used to verify one or more signatures.

5. (Original) A method as recited in claim 1,
wherein the method further comprises: 

determining a message type for the SOAP message and

wherein the determining of whether at least one security rule is associated with
the SOAP message comprises:

looking up rules which are associated with the message type. 

6. (Original) A method as recited in claim 1, 

wherein the at least one security rule includes at least one decryption rule and 
wherein the performing of the at least one operation comprises: 
determining whether the SOAP message is encrypted, and 
decrypting the SOAP message based on one or more decryption keys 
which are associated with the at least one decryption rule.

7. (Original) A method as recited in claim 6, wherein the one or more decryption keys 
are managed by an organization or define an organizational rule. 

8. (Original) A method as recited in claim 1, 

wherein the at least one security rule includes at least one encryption rule, and 
wherein the performing of at least one operation comprises: 

encrypting the SOAP message based on one or more encryption keys 
which are associated with the at least one encryption rule. 

9. (Original) A method as recited in claim 8, wherein the one or more encryption keys 
are associated with an individual. 

10. (Original) A method as recited in claim 8, wherein the method further comprises: 

determining whether the SOAP message is encrypted before attempting to 
decrypt the SOAP message. 

11. (Original) A method as recited in claim 6, wherein the method further comprises:

determining whether the SOAP message has been encrypted successfully; and

taking appropriate action when the determining determines that the SOAP
message has not been encrypted successfully.

12. (Original) A method as recited in claim 1, 

wherein the at least one security rule includes at least one signature verification
rule; and

wherein the performing of at least one operation comprises: 

verifying at least one signature associated with the SOAP message per 
requirements specified by the at least one signature verification rule. 

13. (Original) A method as recited in claim 12, wherein the method further comprises:

determining whether the at least one signature associated with the SOAP 
message has successfully been verified; and 

taking appropriate action when the determining determines that one or more of 
the at least one signature has not been successfully verified. 

14. (Original) A method as recited in claim 1, 

wherein the at least one security rule includes a signing rule; and 
wherein the performing of at least one operation comprises: 

signing the SOAP message using one or more keys which are associated 
with the at least one security rule. 

15. (Original) A method as recited in claim 1, wherein at least one portion of the SOAP
message is in XML. 

16. (Original) A computer-implemented method of implementing security for SOAP 
messages exchanged between client and server programs, the method comprising: 

receiving a SOAP message; 

determining whether at least one decryption rule is associated with the SOAP 
message;



STELP002 4 of 18

PAGE 6/20 * RCVD AT 7/27/2005 6:52:25 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/29 * DNIS:2738300 * CSID:16509618301 * DURATION (mm-ss):07-24

JUL. 21. 2005 3:58PM 16509618301 NO. 830 P. 7



decrypting the SOAP message using one or more keys associated
with the at least one decryption rule when the determining determines that at least one
decryption rule is associated with the SOAP message;

determining whether at least one encryption rule is associated with the SOAP
message;

encrypting the SOAP message using one or more keys associated with the at 
least one decryption rule when the determining determines that at least one encryption 
rule is associated with the SOAP message; 

determining whether at least one signature verification rule is associated with the 
SOAP message; 

verifying at least one signature associated with the SOAP message per 
requirements specified by the at least one signature verification rule when the 
determining determines that at least one signature verification rule is associated with 
the SOAP message; 

determining whether at least one signing rule is associated with the SOAP 
message; and 

signing the SOAP message using one or more keys associated with the at least 
one signing rule. 

17. (Original) A computer readable medium having computer program instructions 
stored therein for performing the method of claim 16. 

18. (Original) A method as recited in claim 16, wherein the method further comprises:

determining a message type for the SOAP message, and 
looking up rules which are associated with the message type. 

19. (Original) A method as recited in claim 16, wherein at least one portion of the SOAP 
message is XML. 

20. (Original) A method as recited in claim 16, wherein the method further comprises:

determining whether the SOAP message is encrypted before attempting to 
decrypt the SOAP message; 

determining whether the SOAP message has been encrypted successfully; and

taking appropriate action when the determining determines that the SOAP
message has not been encrypted successfully.

21. (Original) A method as recited in claim 16, wherein the method further comprises:

determining whether the at least one signature associated with the SOAP
message has successfully been verified; and 

taking appropriate action when the determining determines that the at least one 
signature has not been successfully verified. 

22. (Original) A computer readable medium having computer program instructions 
stored therein for performing the method of claim 1. 

23. (Original) A traffic manager for facilitating communication between a client node
and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications
generated by the client node, the traffic manager comprising a central processing unit 
which can operate to: 

receive a SOAP message; 

determine whether at least one security rule is associated with the SOAP 
message, the at least one security rule being associated with a security policy for SOAP 
message which can be exchanged between at least one client program and at least 
one server program; and 

perform at least one operation based on the at least one security rule when the 
determining determines that at least one security rule is associated with the SOAP 
message. 

24. (Original) A traffic manager as recited in claim 23, wherein the at least one security 
rule describes a mapping between one or more keys respectively used by the at least 
one client program and the at least one server program. 

25. (Original) A traffic manager as recited in claim 23, wherein the performing of at 
least one operation maps one or more security identifiers which are recognized by the 
at least one client program to one or more security identifiers which are recognized by the
server program.

26. (Original) A method as recited in claim 25, wherein the one or more security 
identifiers can include one or more encryption keys, one or more decryption keys, one
or more signing keys, and one or more keys used to verify one or more signatures.

27. (Original) A computer-implemented method of protecting a server program from 
service attacks, the method comprising: 

receiving a SOAP message; 

determining whether at least one rule is associated with the SOAP message; 
collecting data that may be required to evaluate the at least one rule; 
evaluating the at least one rule at least partially based on the collected data; and
determining whether the SOAP message constitutes a service attack based on 
the evaluating of the at least one rule. 

28. (Original) A method as recited in claim 27, wherein the determining of whether at 
least one rule is associated with the SOAP message comprises at least one of the acts 
of: 

(a) determining a message type for the SOAP message; 

(b) determining a sender node for the SOAP message; and 

(c) determining a recipient node for the SOAP message. 

29. (Original) A method as recited in claim 28, wherein the determining of data that may 
be required to evaluate the at least one rule comprises: 

determining which portion of history of at least one of the message type, sender 
node, and recipient node should be collected. 

30. (Original) A method as recited in claim 27, wherein the method further comprises: 

denying service when the determining determines that the SOAP message 
constitutes a service attack.

31. (Original) A method as recited in claim 30, wherein the method further comprises:

taking remedial action when the determining determines that the SOAP message
constitutes a service attack.

32. (Original) A method as recited in claim 30, wherein the one or more remedial
actions include notifying an administrator, holding the SOAP message, making a log
entry, invoking a programming object, and sending an additional SOAP message.

33. (Original) A computer-implemented method of protecting a server program from 
service attacks, the method comprising: 

receiving a SOAP message; 

determining at least one of: (a) a message type for the SOAP message, (b) a 
sender for the SOAP message, and (c) a recipient for the SOAP message; 

determining whether at least one rule is associated with at least one of the 
message type (a), the sender (b), and the recipient (c);

selecting at least one portion of the data which has been collected for at least
one of the message type (a), the sender (b), and the recipient (c);

evaluating the at least one rule using the selected at least one portion of data;
and

determining whether the SOAP message constitutes a service attack based on 
the evaluating of the at least one rule. 

34. (Original) A method as recited in claim 27, wherein the method further comprises: 

denying service when the determining determines that the SOAP message 
constitutes a service attack. 

35. (Original) A method as recited in claim 33, wherein the method further comprises: 

taking remedial action when the determining determines that the SOAP message 
constitutes a service attack. 

36. (Original) A method as recited in claim 7, wherein the remedial action includes 
notifying an administrator, holding the SOAP message, making a log entry, invoking a 
programming object, and sending an additional SOAP message. 




37. A computer readable medium having computer program instructions
stored therein for performing the method of claim 27.

38. (Original) A traffic manager for facilitating communication between a client node
and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications

which can operate to:

receive a SOAP message; 

determine whether at least one rule is associated with the SOAP message;
collect data that may be required to evaluate the at least one rule;
evaluate the at least one rule at least partially based on the collected data; and
determine whether the SOAP message constitutes a service attack based on the 
evaluating of the at least one rule. 

39. (Original) A computer-implemented method of controlling publication of or access to 
a SOAP interface associated with one or more server programs, the method 
comprising: 

identifying a SOAP interface for which publication or access is requested; 

determining whether one or more rules are associated with the SOAP interface 
the one or more rules describing one or more policies with respect to publication of or
access to the SOAP interface; 

evaluating the SOAP interface; and 

determining whether publication of or access to the SOAP interface should be 
granted based on the evaluating of the SOAP interface. 

40. (Original) A method as recited in claim 39, wherein the method further comprises: 

identifying a WSDL file for the SOAP interface. 

41. (Original) A method as recited in claim 40, wherein a programmer identifies the 
SOAP interface and the WSDL file.

42. (Original) A method as recited in claim 41, wherein the programmer interacts with a
user interface to identify the SOAP interface and the WSDL file.

43. (Original) A method as recited in claim 42, 

wherein the programmer interacts with a user interface of a traffic manager to 
determine whether one or more existing rules are associated with the SOAP
and

wherein the programmer interacts with a user interface of a traffic manager to 
request that one or more rules be approved for the SOAP interface. 

44. (Original) A method as recited in claim 42, wherein the one or more rules 
associated with the SOAP interface can be rules associated with at least one of: a
message type, a sender, or a recipient of SOAP messages that can be passed through 
the SOAP interface. 

45. (Original) A method as recited in claim 39, wherein the evaluating of the SOAP 
interface is done at least partly based on one or more rules associated with the SOAP 
interface. 

46. (Original) A method as recited in claim 45, wherein the evaluating of the SOAP
interface is done at least partly by a person. 

47. (Original) A method as recited in claim 46, wherein the person is an administrator. 

48. A method as recited in claim 47, wherein the method further comprises: 
modifying the SOAP interface. 

49. (Original) A method as recited in claim 48, wherein the modifying is performed at 
least partly by a person. 

50. (Original) A method as recited in claim 49, wherein the person is an administrator.

51. A computer readable medium having computer program instructions
stored therein for performing the method of claim 39.

52. A traffic manager for facilitating communication between a client node
and a server node in a distributed computing environment, the server node having a first
interface associated therewith which is incompatible with direct communications
generated by the client node, the traffic manager comprising a central processing unit
which can operate to:

identify a SOAP interface for which publication or access is requested;

determine whether one or more rules are associated with the SOAP interface,
the one or more rules describing one or more policies with respect to publication of or
access to the SOAP interface;

evaluate the SOAP interface; and 

determine whether publication of or access to the SOAP interface should be 
granted based on the evaluating of the SOAP interface. 

53. (Currently Amended) A computer-implemented method of controlling publication of
or access to a SOAP interface to one or more server programs, the method comprising:

(a) identifying a SOAP interface and a WSDL file for the SOAP interface for
which publication or access is requested, wherein the identifying can be performed
by a first person by accessing a user interface of a SOAP traffic manager;

(b) determining whether one or more rules already apply to the SOAP message,
the one or more rules describing one or more policies with respect to publication of or
access to the SOAP interface, wherein the determining (b) can be performed by the
first person by accessing a user interface to a SOAP traffic manager; 

(c) requesting approval of one or more additional rules for the SOAP message 
wherein the requesting can be performed by the first person by accessing a user 
interface to a SOAP traffic manager; 

(d) evaluating the SOAP interface or at least one rule associated with the SOAP 
interface, wherein the evaluating can be performed at least partly by a second person 
who can access the SOAP traffic manager, and wherein the at least one rule can be a 
pre-existing rule or an additional rule; and

(e) determining whether the SOAP interface or at least one rule associated with
the SOAP interface should be approved at least partly based on the evaluating,
wherein the determining (e) can be performed at least partly by a second person who
can access the SOAP traffic manager.

54. (Original) A method as recited in claim 39, wherein the first person is a programmer
and the second person is an administrator.

55. (Original) A method as recited in claim 39, wherein the method further comprises:

modifying the SOAP interface or one or more additional rules for the SOAP
interface, wherein the modifying can be performed at least partly by a second person 
who can access the SOAP traffic manager. 

56. (Original) A computer-implemented method of processing SOAP messages, the 
method comprising: 

receiving a SOAP message; 

determining whether at least one rule is associated with the SOAP message; 
evaluating the at least one rule based on at least one portion of the SOAP 
message; and 

determining whether an action should be taken with respect to the SOAP 
message based on the evaluating of the at least one rule. 

57. (Original) A method as recited in claim 56, wherein the method further comprises: 

determining whether at least a portion of data of the SOAP message should be 
considered to evaluate the at least one rule when the determining determines that at 
least one rule is associated with the SOAP message. 

58. (Original) A method as recited in claim 56, wherein the determining of whether at 
least one rule is associated with the SOAP message comprises at least the acts of: 

(a) determining a message type for the SOAP message; 

(b) determining a sender node for the SOAP message; and 

(c) determining a recipient node for the SOAP message.

59. (Original) A method as recited in claim 56, wherein the at least one rule specifies at
least one portion of the SOAP message which needs to be considered to evaluate

60. (Original) A method as recited in claim 59, wherein the method further comprises:

gathering at least one portion of the SOAP message.

61. (Original) A method as recited in claim 56, wherein the method further comprises:

taking one or more actions when the determining of whether an action is required 
determines that action is required. 

62. (Original) A method as recited in claim 56, 

wherein the method further comprises: 

taking one or more actions when the determining of whether an action is 
required determines that action is required, and 

wherein the one or more actions include: holding the SOAP message, archiving 
the SOAP message, failing SOAP message delivery, sending a notification, and logging 
special notification. 

63. (Original) A method as recited in claim 62, wherein the SOAP message is held for 
review by a person. 

64. (Original) A computer readable medium having computer program instructions 
stored therein for performing the method of claim 56. 

65. (Original) A traffic manager for facilitating communication between a client node 
and a server node in a distributed computing environment, the server node having a first 
interface associated therewith which is incompatible with direct communications 
generated by the client node, the traffic manager comprising a central processing unit 
which can operate to: 

receive a SOAP message; 

determine whether at least one rule is associated with the SOAP message;

evaluate the at least one rule based on at least one portion of the SOAP
message; and

determine whether an action should be taken with respect to the SOAP 
message based on the evaluating of the at least one rule. 

66. (Original) A computer-implemented method of processing SOAP messages, the
method comprising:

receiving a SOAP message; 

determining at least one of (a) a message type for the SOAP message, (b) a
sender for the SOAP message, and (c) a recipient for the SOAP message; 

determining whether at least one conditional data rule is associated with at least 
one of the message type (a), the sender (b), and the recipient (c); 

selecting at least one portion of the SOAP message based on the at least one 
conditional data rule; 

evaluating the at least one rule using the selected at least one portion of the 
SOAP message; and 

determining whether action is required to be taken with respect to the SOAP 
message based on the evaluating. 

67. (Original) A method as recited in claim 66, wherein the method further comprises: 

taking one or more actions when the determining of whether an action is required 
determines that action is required. 

68. (Original) A method as recited in claim 67, 

wherein the method further comprises: 

taking one or more actions when the determining of whether an action is required 
determines that action is required, and 

wherein the one or more actions include: holding the SOAP message, archiving 
the SOAP message, failing SOAP message delivery, sending a notification, and logging 
special notification. 